philb19

asked on

NAT of WAN IP (PIX FIREWALL) to ISA 2006 (IN DMZ) to set up EXCHANGE 2007 CAS (INTERNAL LAN)

Hi, setting up Exchange CAS (Exchange server in the internal LAN).
I realised I need to do a NAT of the WAN IP on my PIX to the public IP DMZ interface of the ISA 2006 server. Also a DNS entry for webmail.organization.com to point to the WAN IP. I would like to clarify the following:

Once I have done the NAT on the PIX, that would mean that all traffic entering our network that wanted to get to any of the 12 servers in the DMZ would be passing through the ISA 2006 server first. Is that correct? And therefore I would need to have all the ISA 2006 rules set up to allow appropriate traffic (basically the same rule set on the ISA, allowing from outside to the DMZ, as I have set up on my PIX). Would that be a correct assumption? Thanks.
ASKER CERTIFIED SOLUTION
dfxdeimos
philb19

ASKER

It just occurred to me (I'm not sure again about this):
If I do that NAT, i.e. outside interface of PIX to the DMZ interface of PIX, you say all traffic then goes through ISA. Does that mean that the traffic (all traffic) would then be bypassing the rule set on the PIX, and hence if I was to open all on the ISA I would be opening up ALL traffic to the inside LAN?

I only allow 3 or 4 ports from outside to the DMZ (with the PIX rule set). If the outside is NAT'd to the DMZ ISA, is that no longer valid, or not the case?
philb19

ASKER

DMZ interface of PIX (I meant DMZ interface of ISA)